package com.hsd.whb.config;


import com.hsd.whb.code.ValidateCodeSecurityConfig;
import com.hsd.whb.properties.HibernateProperties;
import com.hsd.whb.properties.PersonProperties;
import com.hsd.whb.properties.SecurityConstants;
import com.hsd.whb.properties.SecurityProperties;

import com.hsd.whb.security.recorder.RecorderAuthenticationSecurityConfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;


@Configuration
@EnableJpaRepositories(basePackages = "com.hsd.whb.repository")
@EnableConfigurationProperties({SecurityProperties.class, HibernateProperties.class, PersonProperties.class})
public class HwbSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private SecurityProperties securityProperties;

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    protected AuthenticationSuccessHandler imoocAuthenticationSuccessHandler;

    @Autowired
    protected AuthenticationFailureHandler imoocAuthenticationFailureHandler;

    @Autowired
    private RecorderAuthenticationSecurityConfig recorderAuthenticationSecurityConfig;

    @Autowired
    private ValidateCodeSecurityConfig validateCodeSecurityConfig;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin()
                .loginPage(SecurityConstants.DEFAULT_UNAUTHENTICATION_URL)
                .loginProcessingUrl(SecurityConstants.DEFAULT_LOGIN_PROCESSING_URL_MANAGER)
                .successHandler(imoocAuthenticationSuccessHandler)
                .failureHandler(imoocAuthenticationFailureHandler)
                .and()
                .logout()
                .logoutSuccessUrl(SecurityConstants.DEFAULT_UNAUTHENTICATION_URL)
                .and()
                .apply(recorderAuthenticationSecurityConfig)
                .and()
                .apply(validateCodeSecurityConfig)
                .and()
                .rememberMe()
                .tokenValiditySeconds(securityProperties.getBrowser().getRememberMeSeconds())
                .userDetailsService(userDetailsService)
                .and()
                .sessionManagement()
                .maximumSessions(securityProperties.getBrowser().getSession().getMaximumSessions())
                .maxSessionsPreventsLogin(securityProperties.getBrowser().getSession().isMaxSessionsPreventsLogin())
                .and()
                .and()
                .authorizeRequests()
                .antMatchers("/manager/*").hasRole("MANAGER")
                .antMatchers("/recorder/*").hasRole("RECORDER")
                .antMatchers("/root/*").hasRole("ROOT")
                .antMatchers(
                        SecurityConstants.DEFAULT_UNAUTHENTICATION_URL,
                        SecurityConstants.DEFAULT_LOGIN_PROCESSING_URL_RECORDER,
                        SecurityConstants.DEFAULT_REGISTER_URL,
                        "/loginAndRegister/" + SecurityConstants.DEFAULT_VALIDATE_CODE_URL_PREFIX + "/*",
                        "/loginAndRegister/forgetPassword",
                        securityProperties.getBrowser().getSignUpUrl(),
                        securityProperties.getBrowser().getSession().getSessionInvalidUrl() + ".json",
                        securityProperties.getBrowser().getSession().getSessionInvalidUrl() + ".html",
                        "/js/*", "/css/*", "/img/*", "/fonts/*")
                .permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .headers().frameOptions().disable()
                .and()
                .csrf().disable();

    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        super.configure(auth);
        auth
                .authenticationProvider(new DaoAuthenticationProvider())
                .userDetailsService(userDetailsService);
    }


}
